US9940265B2 - Computing system and method of operating computing system - Google Patents

Info

Publication number
US9940265B2
Authority
US
United States
Prior art keywords
data
protection technology
encrypted
computing system
payload
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related, expires
Application number
US13/599,617
Other versions
US20130054978A1 (en
Inventor
Suk-jin Yun
Jun-bum Shin
Moon-gyu JUNG
Byung-Ho Cha
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Samsung Electronics Co Ltd
Original Assignee
Samsung Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Samsung Electronics Co Ltd filed Critical Samsung Electronics Co Ltd
Assigned to SAMSUNG ELECTRONICS CO., LTD. reassignment SAMSUNG ELECTRONICS CO., LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: CHA, BYUNG-HO, JUNG, MOON-GYU, SHIN, JUN-BUM, YUN, SUK-JIN
Publication of US20130054978A1 publication Critical patent/US20130054978A1/en
Application granted granted Critical
Publication of US9940265B2 publication Critical patent/US9940265B2/en
Expired - Fee Related legal-status Critical Current
Adjusted expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/14 Handling requests for interconnection or transfer
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/84 Protecting input, output or interconnection devices output devices, e.g. displays or monitors
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Definitions

  • Systems and methods consistent with exemplary embodiments relate to a computing system and a method of operating the computing system, and more particularly, to a computing system for protecting data in a shared memory and a method of operating the computing system.
  • end-to-end protection has not been considered for these conventional content protecting technologies.
  • when DRM is released before audio/video (AV) content to which the DRM is applied is used in a target device, the AV content is temporarily decrypted in the target device.
  • external attackers may illegally copy the AV content.
  • One or more exemplary embodiments provide a computing system for protecting data in a shared memory and a method of operating the computing system.
  • a computing system including a memory that is shared by a plurality of components of the computing system in order to exchange data between the plurality of components; and a controller configured to control the plurality of components to encrypt the data and to record the encrypted data in the memory.
  • a method of operating a computing system including encrypting data when a memory is shared by a plurality of components of the computing system in order to exchange data between the plurality of components; and recording the encrypted data in the memory.
  • FIG. 1 is a block diagram of a computing system according to an exemplary embodiment
  • FIG. 2 is a schematic diagram for explaining an operation of a computing system, according to an exemplary embodiment
  • FIG. 3 is a detailed diagram for explaining an operation of a computing system, according to another exemplary embodiment.
  • FIGS. 4A and 4B show data structures, according to an exemplary embodiment
  • FIGS. 5A and 5B show data structures that are protected on a path from a point of time when commercial DRM is released to a point of time when data is rendered;
  • FIG. 6 is a flowchart of a method of operating a computing system, according to another exemplary embodiment.
  • FIG. 1 is a block diagram of a computing system 100 according to an exemplary embodiment
  • the computing system 100 includes a processor 110 and a memory 120 .
  • the processor 110 that is also referred to as an application processor 110 includes a controller 130 and first and second components 140 and 150 of the computing system 100 .
  • the first and second components 140 and 150 of the computing system 100 perform a function of a graphic processing unit (GPU).
  • For convenience of illustration, only the first component 140 and the second component 150 are shown in FIG. 1. However, it will be understood that at least two components that are separated in units of function blocks may be used or alternatively, a single combined component performing various functions may be used.
  • the memory 120 is a shared local memory that is shared by the first and second components 140 and 150 of the computing system 100 in order to exchange data therebetween.
  • An example of the memory 120 includes a double data rate (DDR) memory, but is not limited thereto.
  • the controller 130 is a device for controlling the computing system 100 .
  • the controller 130 controls a series of operations of receiving data from various input devices, processing the data, and then transmitting a result to an output device. That is, the controller 130 serves as a host central processing unit (CPU). Operation of the controller 130 will now be described.
  • First data of the first component 140 is decryption state data.
  • first data of the first component 140 is transmitted to the second component 150 through the memory 120 rather than being used in the first component 140 or being transmitted to an external device.
  • the controller 130 controls the first component 140 to apply a protection technology according to the exemplary embodiment to the first data so as to generate second data that is encryption state data.
  • the protection technology according to the present exemplary embodiment is a predetermined encryption/decryption technology that is determined between the first and second components 140 and 150 in order to protect data and will be referred to as a ‘first protection technology’.
  • the first component 140 and the second component 150 may share a shared key for applying or releasing the first protection technology.
  • encryption is not performed on all data, but instead, encryption/decryption is performed on a predetermined region of a payload of data.
  • a data structure for applying the first protection technology will be described later below with reference to FIGS. 4A and 4B .
  • the controller 130 transmits the second data from the first component 140 to the memory 120 .
  • the controller 130 transmits the second data from the memory 120 to the second component 150 .
  • the second component 150 generates the first data that is decryption state data in which the first protection technology is released.
  • the second component 150 performs a unique data processing function on the first data. For example, when the second component 150 is a renderer, the second component 150 may perform rendering so as to display the first data on a display unit (not shown).
  • FIG. 2 is a schematic diagram for explaining an operation of a computing system 100 a , according to an exemplary embodiment.
  • the computing system 100 a includes a memory 120 a , a controller 130 a , a security unit 140 a , and a display controller 150 a .
  • the security unit 140 a and the display controller 150 a are exemplified as components of the computing system 100 a .
  • the computing system 100 a may include various other components that perform a function of a GPU.
  • the controller 130 a receives data that is encrypted by using digital rights management (DRM) from a source device (not shown) and stores the data in the memory 120 a .
  • the DRM is exemplified as an external protection technology.
  • the external protection technology may include various link protection technologies such as digital transmission content protection (DTCP) and high bandwidth digital content protection (HDCP), which allow digital content to be transmitted to reliable devices only.
  • the controller 130 a transmits the DRM encrypted data from the memory 120 a to the security unit 140 a (which is also referred to as a security subsystem).
  • the security unit 140 a decrypts the DRM encrypted data.
  • the security unit 140 a generates re-encrypted data by encrypting the DRM decrypted data again by using the first protection technology.
  • the data may be audio/video (AV) data, but is not limited thereto.
  • the controller 130 a transmits the re-encrypted data from the security unit 140 a to the memory 120 .
  • In the memory 120 a, although the DRM encrypted data is decrypted, the data that is re-encrypted by using the first protection technology is present. Thus, even if malware accesses the memory 120 a so as to capture data, it is impossible to illegally use the data.
  • malware may access the data.
  • this problem may be overcome.
  • the controller 130 a transmits the re-encrypted data from the memory 120 a to the display controller 150 a.
  • the display controller 150 a decrypts the re-encrypted data, decodes the decrypted data, renders the decoded data, and outputs the rendered data on a display unit (not shown).
  • the computing system 100 has the following advantages.
  • data may be protected by using a simple method in order to ensure a secure environment without complicated virtualization technology or heavy hardware.
  • content may be protected by using hardware-based end-to-end protection technology rather than being dependent upon content protection technology based on a software (S/W) solution.
  • the first protection technology is applied from a point of time when commercial DRM is released just before the rendering is performed.
  • a security level may be increased by using conventional content protection technologies with the first protection technology.
  • the first protection technology may be easily combined with a commercial DRM solution. That is, since the first protection technology may be applied to the memory 120 without being dependent upon the commercial DRM solution, the first protection technology may be easily combined with the commercial DRM solution.
  • AV content having high image quality such as 1080P, may be more easily ensured.
  • the computing system 100 may be used in a premium content streaming service of a mobile device, a premium content streaming service of internet protocol television (IPTV) and smart TV, and a premium content streaming service of a set-top box (STB).
  • FIG. 3 is a detailed diagram for explaining an operation of a computing system 100 b , according to another exemplary embodiment.
  • a controller 130 b, a security unit 140 b, a rendering unit 350, and a codec unit 340 share data with each other through a memory 120 b and perform respective functions to perform a data processing process.
  • the security unit 140 b, the rendering unit 350, and the codec unit 340 are exemplified as components of the computing system 100 b.
  • the computing system 100 b may include various components for performing a function of a GPU.
  • the first protection technology may be embodied in the components of the computing system 100 b , except for the controller 130 b , that is, in the memory 120 b , the security unit 140 b , the rendering unit 350 , and the codec unit 340 .
  • Data structures 320 , 320 a , 330 , and 330 a to which the first protection technology is applied are illustrated to have a slash pattern and a dot pattern. In this case, the same patterns have the same protection parameters and different patterns have different protection parameters. Throughout this specification, protection, crypto, and encryption/decryption have the same meaning.
  • ‘Crypto’ refers to a crypto engine for performing encryption/decryption. ‘Enc’ and the ‘Dec’ that are indicated below ‘Crypto’ refer to encryption and decryption functions performed by the crypto engine. According to the present exemplary embodiment, the crypto engine may have a relatively small size and a high speed.
  • the controller 130 b generates a data structure including a header and a payload in order to apply the first protection technology to data and packetizes the data structure.
  • Numbers ①, ②, ③, and ④ in the data structures in the memory 120 b refer to numbers of components of the computing system 100 b, which are 130 b, 140 b, 340, 350 that access the data structures in the memory 120 b, in FIG. 3.
  • controller 130 b and the security unit 140 b access the data structure 310 .
  • the controller 130 b , the security unit 140 b , and the codec unit 340 access the data structure 320 .
  • the controller 130 b , the codec unit 340 , and the rendering unit 350 access the data structure 330 .
  • the controller 130 b stores the data structure 310 that is encrypted by using DRM in the memory 120 b.
  • the controller 130 b transmits the data structure 310 from the memory 120 b to the security unit 140 b.
  • the security unit 140 b decrypts the data structure 310 and generates the data structure 320 by re-encrypting the data structure 310 a as a first protection parameter.
  • the controller 130 transmits the data structure 320 that is re-encrypted as the first protection parameter from the security unit 140 b to the memory 120 b.
  • the controller 130 transmits the data structure 320 from the memory 120 b to the codec unit 340 .
  • the codec unit 340 decrypts the data structure 320 .
  • the codec unit 340 decodes the data structure 320 a and generates the data structure 330 by re-encrypting the data structure 320 a as a second protection parameter.
  • the controller 130 b transmits the data structure 330 that is re-encrypted as the second parameter from the codec unit 340 to the memory 120 b.
  • the controller 130 b transmits the data structure 330 to the rendering unit 350 .
  • the rendering unit 350 decrypts the data structure 330 .
  • the rendering unit 350 renders the data structure 330 a and displays the data structure 330 a on a display unit 360.
  • the data structure that is adapted in order to apply the first protection technology includes an encryption/decryption (Enc/Dec) header, and an encryption/decryption (Enc/Dec) payload.
  • the Enc/Dec payload includes an elementary stream (ES) header and a packetized elementary stream (PES) payload.
  • the ‘header’ and the ‘payload’ refer to an Enc/Dec Header and an Enc/Dec payload, which are formed by using the first protection technology.
  • the PES payload is just an example, and thus the exemplary embodiments are not limited thereto.
  • the PES may be of another transport protocol packet type.
  • the ES header is a header that is formed when original AV data is compressed by a codec and is generated from an upper AV protocol.
  • an AV container such as AV1, MP2, WMA, or the like may be used.
  • since the ES header includes information that is required to perform rendering, the ES header is not encrypted and remains as plain text.
  • the ES header is formed by an upper layer and is a portion that cannot be controlled by using the first protection technology.
  • the Enc/Dec header is formed by using the first protection technology.
  • a dot pattern of a payload indicates an encrypted data segment.
  • a slash pattern indicates a segment that is not encrypted for a final block if misalignment occurs.
  • a header of the data structure includes relevant information indicating a range of encryption/decryption in order to perform encryption/decryption by using the first protection technology.
  • misalignment is likely to occur by 128 bits.
  • the header of the data structure includes position information indicating a position from where encryption/decryption is not performed.
  • ‘Len’ indicates a payload length of the data structure that is defined according to the exemplary embodiments.
  • A/V indicates an identifier indicating whether a payload indicates audio data or video data.
  • ‘ULH IDC’ indicates an identifier indicating whether upper layer headers to which encryption/decryption should not be applied are present in the payload.
  • ‘ULH Len’ indicates a range (length) of a region to which encryption/decryption should not be applied when the upper layer headers to which encryption/decryption should not be applied are present in the payload.
  • ‘St.Ctr’ is a first counter (CTR) number of the payload and is used as an input during encryption/decryption.
  • a data protection function may be further strengthened by adding a counter value in addition to a key value, as an input of the crypto engine (refer to FIG. 3).
  • ‘# of MA offset’ indicates the number of blocks to which encryption/decryption should not be applied from among all payloads due to misalignment from “St. Ctr”.
  • the misalignment indicates that targets of encryption/decryption do not have 128 bits, but is not limited thereto.
  • the three white regions 21 , 26 , and 30 are regions to which encryption/decryption should not be applied.
  • Misalignment Position = St.Ctr + MaCtr   (1)
  • the regions 21 , 26 , and 30 that are misaligned may be traced according to equations 18+3, 18+8, and 18+12, respectively.
  • ‘Valid’ indicates the number of bytes to which encryption/decryption is not applied in the calculated MaCtr block.
  • the concept that Valid of the region 21 is 1 indicates that encryption/decryption is not applied to 1 byte only.
  • encryption/decryption is not applied to 8 bytes.
  • encryption/decryption is not applied to 6 bytes. Encryption/decryption is not applied as long as different lengths of white regions have different lengths in the regions 21 , 26 , and 30 .
  • FIGS. 5A and 5B show data structures that are protected on a path from a point of time when commercial DRM is released to a point of time when rendering is performed on data.
  • FIGS. 5A and 5B are based on the data structure of FIG. 4A .
  • a data structure 510 is encrypted by using the commercial DRM 515 .
  • a data structure 520 is decrypted by a commercial DRM decrypter.
  • a data structure 530 is formed by an upper layer header (UL_HDR) parser & first encrypter 525 , which parses header information of the data structure 520 and performs first encryption on a payload in a predetermined encryption range based on the header information.
  • the white region is a region to which encryption/decryption should not be applied.
  • a security unit 140 may include a commercial DRM decrypter 515 and the UL_HDR parser & first encrypter 525 .
  • a data structure 540 is a data structure formed by aggregating a header and payload packets of the data structure 530 .
  • a media player (MP) of the controller 130 b may aggregate the PES packets.
  • a data structure 550 is a data structure formed by the UL_HDR parser & first decrypter 545 , which parses header information of the data structure 540 and performs first decryption on a payload in a predetermined decryption range based on the header information.
  • a data structure 560 is formed by a decoder 555 decoding the data structure 550 .
  • a data structure 570 is a data structure formed by a second encrypter 565 performing second encoding on a payload in a predetermined encryption range based on header information of the data structure 560 .
  • the codec unit 340 may include the UL_HDR parser & first decrypter 545 and the decoder 555 .
  • a data structure 580 is a data structure formed by a second decrypter 575 performing second decryption on the data structure 570 .
  • the decrypted data structure 580 is rendered and displayed on a display unit 360 .
  • the rendering unit 350 may include the second decrypter 575 and a renderer 575 .
  • FIG. 6 is a flowchart of a method of operating a computing system 100 , according to another exemplary embodiment. The operation of FIG. 6 is the same as the operation of the computing system 100 described with reference to FIG. 1 and thus, will be simply described.
  • the controller 130 controls the components to encrypt data. For example, when data is transmitted from the first component 140 to the second component 150 through the memory 120 , the controller 130 controls the first component 140 to encrypt decrypted data.
  • the controller 130 controls the components to record the encrypted data in the memory 120 .
  • the controller 130 controls the first component 140 to record the encrypted data in the memory 120 .
  • An example of the computing system 100 may include a display device.
  • a data structure according to the scenario indicates the data structure described with reference to FIG. 4A .
  • the computing system 100 stores, in the memory 120 , encrypted data that is safely received by using content protection technology (hereinafter, referred to as external protection technology) determined between the computing system 100 and a source device (not shown).
  • the controller 130 generates the data structure before the external protection technology is released and fills a payload of the data structure with the data in which the external protection technology is released.
  • the controller 130 controls the security unit 140 a to release the external protection technology and to perform packetization on the data structure.
  • the security unit 140 a performs encryption/decryption based on header information of the data structure.
  • a media player (MD) operating in the controller 130 controls a demultiplexer (DEMUX) to decode the payload of the data structure recovered from the security unit 140 a.
  • since the computing system 100 is designed so that a portion that is required to be referred to is not encrypted from among an encrypted payload in the data structure, the DEMUX has no problem when performing operations. However, since other remaining payloads themselves are encrypted, the other remaining payloads are safe from external attacks.
  • the media player calls the codec unit 340 .
  • the codec unit 340 decrypts the encrypted data structure and decodes the decrypted data structure.
  • After the data is decoded, just before the data is written in the memory 120, the codec unit 340 applies the first protection technology to encrypt the decoded data structure and records the encrypted data structure in the memory 120.
  • the media player calls the rendering unit 350 .
  • the rendering unit 350 decrypts the encrypted data structure and renders the encrypted data structure.
  • the exemplary embodiments can also be implemented as computer readable codes on a computer readable recording medium.
  • the computer readable recording medium is any data storage device that can store programs or data which can be thereafter read by a computer system.
  • the computer readable codes are configured to perform methods of recording and reproducing an image according to the exemplary embodiments when being read and executed by a processor.
  • the computer readable codes may be embodied by various programming languages. Functional programs, codes, and code segments for accomplishing the exemplary embodiments can be easily construed by programmers of ordinary skill in the art to which the exemplary embodiments pertain.
  • Examples of the computer readable recording medium include read-only memory (ROM), random-access memory (RAM), CD-ROMs, magnetic tapes, floppy disks, optical data storage devices, solid state drives (SSD), flash memories, and so on.
  • the computer readable recording medium can also be distributed over network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion.
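The Enc/Dec header fields described above (Len, A/V, ULH Len, St.Ctr, MaCtr, Valid) drive which payload bytes are encrypted. The following is an added example, not code from the patent: it builds the plaintext mask from a header and applies counter-mode protection only to the remaining bytes, using the page's values St.Ctr = 18 with misaligned blocks 21, 26 and 30. Assumptions: the class and function names are hypothetical, the unencrypted `Valid` bytes are taken to be the trailing bytes of the misaligned block, and a SHA-256-derived keystream stands in for the unnamed crypto engine.

```python
"""Selective counter-mode protection driven by an Enc/Dec header (illustrative)."""
import hashlib
from dataclasses import dataclass, field

BLOCK = 16  # encryption unit of 128 bits, as stated on the page


@dataclass
class EncDecHeader:               # hypothetical container for the header fields
    length: int                   # 'Len': payload length in bytes
    is_video: bool                # 'A/V'
    ulh_len: int                  # 'ULH Len'; 0 models 'ULH IDC' not set
    st_ctr: int                   # 'St.Ctr': counter of the first block
    ma: list = field(default_factory=list)  # (MaCtr, Valid) pairs


def misalignment_positions(hdr):
    """Equation (1): Misalignment Position = St.Ctr + MaCtr."""
    return [hdr.st_ctr + ma_ctr for ma_ctr, _ in hdr.ma]


def block_count(hdr):
    """Number of 128-bit blocks after the upper layer header region."""
    return -(-(hdr.length - hdr.ulh_len) // BLOCK)


def plaintext_mask(hdr):
    """True at every payload offset that must stay unencrypted."""
    if not 0 <= hdr.ulh_len <= hdr.length:
        raise ValueError("ULH Len lies outside the payload")
    mask = [False] * hdr.length
    for i in range(hdr.ulh_len):          # upper layer header (e.g. ES header)
        mask[i] = True
    for ma_ctr, valid in hdr.ma:
        if not 0 <= ma_ctr < block_count(hdr):
            raise ValueError("MaCtr points past the last block")
        if not 0 < valid <= BLOCK:
            raise ValueError("Valid must be 1..16 bytes")
        base = hdr.ulh_len + ma_ctr * BLOCK
        end = min(base + BLOCK, hdr.length)
        # Assumption: the exempt bytes are the tail of the misaligned block.
        for i in range(max(base, end - valid), end):
            mask[i] = True
    return mask


def keystream_block(key, counter):
    """Stand-in for the crypto engine (key + counter in, 16 bytes out).
    Not a vetted cipher; a real design would use e.g. AES in CTR mode."""
    return hashlib.sha256(key + counter.to_bytes(8, "big")).digest()[:BLOCK]


def apply_protection(key, hdr, payload):
    """Encrypts or decrypts: XOR with the keystream is its own inverse."""
    if len(payload) != hdr.length:
        raise ValueError("Len does not match the payload size")
    mask = plaintext_mask(hdr)
    out = bytearray(payload)
    for block in range(block_count(hdr)):
        ks = keystream_block(key, hdr.st_ctr + block)
        base = hdr.ulh_len + block * BLOCK
        for off in range(min(BLOCK, hdr.length - base)):
            if not mask[base + off]:
                out[base + off] ^= ks[off]
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: 8-byte upper layer header followed by 13 blocks.
    hdr = EncDecHeader(length=216, is_video=True, ulh_len=8, st_ctr=18,
                       ma=[(3, 1), (8, 8), (12, 6)])
    payload = bytes(range(216))
    key = b"constructed-key!"
    protected = apply_protection(key, hdr, payload)
    print("misaligned counters:", misalignment_positions(hdr))
    print("plaintext bytes:", sum(plaintext_mask(hdr)))
    print("round trip ok:", apply_protection(key, hdr, protected) == payload)
```

Because the header decides which bytes stay in the clear, the bounds checks in `plaintext_mask` reject a header that would exempt bytes outside the payload.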

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Human Computer Interaction (AREA)
  • Storage Device Security (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
  • Television Signal Processing For Recording (AREA)

Abstract

A computing system including a memory that is shared by a plurality of components of the computing system in order to exchange data between the plurality of components; and a controller configured to control the plurality of components to encrypt the data and to record the encrypted data in the memory.

Description

CROSS-REFERENCE TO RELATED PATENT APPLICATION
This application claims priority from Korean Patent Application No. 10-2011-0087196, filed on Aug. 30, 2011 in the Korean Intellectual Property Office, the disclosure of which is incorporated herein in its entirety by reference.
BACKGROUND
1. Field
Systems and methods consistent with exemplary embodiments relate to a computing system and a method of operating the computing system, and more particularly, to a computing system for protecting data in a shared memory and a method of operating the computing system.
2. Description of the Related Art
In an open platform environment where independent inventors can develop and register applications other than operating systems, there is an increasing need to ensure secure platforms for safely protecting content.
In order to safely provide content from a source device to a target device, conventional content protecting technologies such as digital rights management (DRM) or link protection have been used.
However, end-to-end protection has not been considered for these conventional content protecting technologies. For example, when DRM is released before audio/video (AV) content to which the DRM is applied is used in a target device, the AV content is temporarily decrypted in the target device. In this case, external attackers may illegally copy the AV content.
SUMMARY
One or more exemplary embodiments provide a computing system for protecting data in a shared memory and a method of operating the computing system.
According to an aspect of an exemplary embodiment, there is provided a computing system including a memory that is shared by a plurality of components of the computing system in order to exchange data between the plurality of components; and a controller configured to control the plurality of components to encrypt the data and to record the encrypted data in the memory.
According to an aspect of another exemplary embodiment, there is provided a method of operating a computing system, the method including encrypting data when a memory is shared by a plurality of components of the computing system in order to exchange data between the plurality of components; and recording the encrypted data in the memory.
BRIEF DESCRIPTION OF THE DRAWINGS
The above and other aspects will become more apparent by describing in detail exemplary embodiments with reference to the attached drawings in which:
FIG. 1 is a block diagram of a computing system according to an exemplary embodiment;
FIG. 2 is a schematic diagram for explaining an operation of a computing system, according to an exemplary embodiment;
FIG. 3 is a detailed diagram for explaining an operation of a computing system, according to another exemplary embodiment;
FIGS. 4A and 4B show data structures, according to an exemplary embodiment;
FIGS. 5A and 5B show data structures that are protected on a path from a point of time when commercial DRM is released to a point of time when data is rendered; and
FIG. 6 is a flowchart of a method of operating a computing system, according to another exemplary embodiment.
DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS
While describing the exemplary embodiments, detailed descriptions about related well-known functions or configurations that may diminish the clarity of certain aspects of the exemplary embodiments are omitted.
Terms or words used herein shall not be limited to having common or dictionary meanings, and may have meanings corresponding to technical aspects of the exemplary embodiments so as to most suitably describe the exemplary embodiments.
Reference will now be made in detail to various embodiments, examples of which are illustrated in the accompanying drawings.
FIG. 1 is a block diagram of a computing system 100 according to an exemplary embodiment.
Referring to FIG. 1, the computing system 100 includes a processor 110 and a memory 120.
The processor 110, which is also referred to as an application processor 110, includes a controller 130 and first and second components 140 and 150 of the computing system 100.
The first and second components 140 and 150 of the computing system 100 perform a function of a graphic processing unit (GPU). For convenience of illustration, only the first component 140 and the second component 150 are shown in FIG. 1. However, it will be understood that at least two components that are separated in units of function blocks may be used or alternatively, a single combined component performing various functions may be used.
The memory 120 is a shared local memory that is shared by the first and second components 140 and 150 of the computing system 100 in order to exchange data therebetween. An example of the memory 120 includes a double data rate (DDR) memory, but is not limited thereto.
The controller 130 is a device for controlling the computing system 100. The controller 130 controls a series of operations of receiving data from various input devices, processing the data, and then transmitting a result to an output device. That is, the controller 130 serves as a host central processing unit (CPU). Operation of the controller 130 will now be described.
First data of the first component 140 is decryption state data.
It is assumed that the first data of the first component 140 is transmitted to the second component 150 through the memory 120 rather than being used in the first component 140 or being transmitted to an external device.
In this case, the controller 130 controls the first component 140 to apply a protection technology according to the exemplary embodiment to the first data so as to generate second data that is encryption state data. The protection technology according to the present exemplary embodiment is a predetermined encryption/decryption technology that is determined between the first and second components 140 and 150 in order to protect data and will be referred to as a ‘first protection technology’. In this case, according to the present exemplary embodiment, the first component 140 and the second component 150 may share a shared key for applying or releasing the first protection technology.
In the first protection technology, encryption is not performed on all data, but instead, encryption/decryption is performed on a predetermined region of a payload of data. A data structure for applying the first protection technology will be described later below with reference to FIGS. 4A and 4B.
Then, the controller 130 transmits the second data from the first component 140 to the memory 120.
Then, the controller 130 transmits the second data from the memory 120 to the second component 150.
The second component 150 generates the first data that is decryption state data in which the first protection technology is released. The second component 150 performs a unique data processing function on the first data. For example, when the second component 150 is a renderer, the second component 150 may perform rendering so as to display the first data on a display unit (not shown).
FIG. 2 is a schematic diagram for explaining an operation of a computing system 100 a, according to an exemplary embodiment.
The computing system 100 a includes a memory 120 a, a controller 130 a, a security unit 140 a, and a display controller 150 a. For convenience of description, only the security unit 140 a and the display controller 150 a are exemplified as components of the computing system 100 a. However, the computing system 100 a may include various other components that perform a function of a GPU.
The controller 130 a receives data that is encrypted by using digital rights management (DRM) from a source device (not shown) and stores the data in the memory 120 a. According to the present exemplary embodiment, the DRM is exemplified as an external protection technology. However, the external protection technology may include various link protection technologies such as digital transmission content protection (DTCP) and high bandwidth digital content protection (HDCP), which allow digital content to be transmitted to reliable devices only.
Then, the controller 130 a transmits the DRM encrypted data from the memory 120 a to the security unit 140 a (which is also referred to as a security subsystem). The security unit 140 a decrypts the DRM encrypted data. Then, the security unit 140 a generates re-encrypted data by encrypting the DRM decrypted data again by using the first protection technology. In this case, the data may be audio/video (AV) data, but is not limited thereto.
Then, the controller 130 a transmits the re-encrypted data from the security unit 140 a to the memory 120.
Accordingly, in the memory 120 a, although the DRM encrypted data is decrypted, the data that is re-encrypted by using the first protection technology is present. Thus, even if malware accesses the memory 120 a so as to capture data, it is impossible to illegally use the data.
Conventionally, during an AV processing process, since DRM encrypted data is temporarily decrypted and exposed outside a computing system, malware may access the data. However, according to the present exemplary embodiment, this problem may be overcome.
Then, the controller 130 a transmits the re-encrypted data from the memory 120 a to the display controller 150 a.
The display controller 150 a decrypts the re-encrypted data, decodes the decrypted data, renders the decoded data, and outputs the rendered data on a display unit (not shown).
As a result, the computing system 100 has the following advantages.
First, data may be protected by using a simple method in order to ensure a secure environment without complicated virtualization technology or heavy hardware.
Second, content may be protected by using hardware-based end-to-end protection technology rather than being dependent upon content protection technology based on a software (S/W) solution. In addition, the first protection technology is applied from the point of time when commercial DRM is released until just before the rendering is performed.
Third, data that needs to be protected when being stored in the memory 120 is encrypted by using the first protection technology. Thus, even if malware present in the controller 130 accesses the memory 120 and illegally copies data, the data cannot be reproduced.
Fourth, a security level may be increased by using conventional content protection technologies with the first protection technology. For example, the first protection technology may be easily combined with a commercial DRM solution. That is, since the first protection technology may be applied to the memory 120 without being dependent upon the commercial DRM solution, the first protection technology may be easily combined with the commercial DRM solution.
Fifth, in an environment in which circulation markets of premium content are spread out, AV content having high image quality, such as 1080P, may be more easily ensured.
In addition, the computing system 100 may be used in a premium content streaming service of a mobile device, a premium content streaming service of internet protocol television (IPTV) and smart TV, and a premium content streaming service of a set-top box (STB).
FIG. 3 is a detailed diagram for explaining an operation of a computing system 100 b, according to another exemplary embodiment.
Referring to FIG. 3, a controller 130 b, a security unit 140 b, a rendering unit 350, and a codec unit 340 share data with each other through a memory 120 b and perform respective functions to perform a data processing process.
For convenience of description, the security unit 140 b, the rendering unit 350, and the codec unit 340 are exemplified as components of the computing system 100 b. However, the computing system 100 b may include various components for performing a function of a GPU.
The first protection technology may be embodied in the components of the computing system 100 b, except for the controller 130 b, that is, in the memory 120 b, the security unit 140 b, the rendering unit 350, and the codec unit 340.
Data structures 320, 320 a, 330, and 330 a to which the first protection technology is applied are illustrated to have a slash pattern and a dot pattern. In this case, the same patterns have the same protection parameters and different patterns have different protection parameters. Throughout this specification, protection, crypto, and encryption/decryption have the same meaning.
In FIG. 3, ‘Crypto’ refers to a crypto engine for performing encryption/decryption. ‘Enc’ and the ‘Dec’ that are indicated below ‘Crypto’ refer to encryption and decryption functions performed by the crypto engine. According to the present exemplary embodiment, the crypto engine may have a relatively small size and a high speed.
The controller 130 b generates a data structure including a header and a payload in order to apply the first protection technology to data and packetizes the data structure.
Numbers ①, ②, ③, and ④ in the data structures in the memory 120 b refer to the components of the computing system 100 b that access those data structures in FIG. 3, namely the components 130 b, 140 b, 340, and 350.
That is, the controller 130 b and the security unit 140 b access the data structure 310. The controller 130 b, the security unit 140 b, and the codec unit 340 access the data structure 320. The controller 130 b, the codec unit 340, and the rendering unit 350 access the data structure 330.
First, the controller 130 b stores the data structure 310 that is encrypted by using DRM in the memory 120 b.
Then, the controller 130 b transmits the data structure 310 from the memory 120 b to the security unit 140 b.
Then, the security unit 140 b decrypts the data structure 310 and generates the data structure 320 by re-encrypting the data structure 310 a as a first protection parameter.
Then, the controller 130 transmits the data structure 320 that is re-encrypted as the first protection parameter from the security unit 140 b to the memory 120 b.
Then, the controller 130 transmits the data structure 320 from the memory 120 b to the codec unit 340.
Then, the codec unit 340 decrypts the data structure 320. The codec unit 340 decodes the data structure 320 a and generates the data structure 330 by re-encrypting the data structure 320 a as a second protection parameter.
Then, the controller 130 b transmits the data structure 330 that is re-encrypted as the second parameter from the codec unit 340 to the memory 120 b.
Then, the controller 130 b transmits the data structure 330 to the rendering unit 350. The rendering unit 350 decrypts the data structure 330. The rendering unit 350 renders the data structure 330 a and displays the data structure 330 a on a display unit 360.
With reference to FIGS. 4A and 4B, a data structure that is illustrated in order to apply the first protection technology will now be described.
According to the present exemplary embodiment, the data structure that is adapted in order to apply the first protection technology includes an encryption/decryption (Enc/Dec) header, and an encryption/decryption (Enc/Dec) payload.
The Enc/Dec payload includes an elementary stream (ES) header and a packetized elementary stream (PES) payload. Throughout this specification, the ‘header’ and the ‘payload’ refer to an Enc/Dec Header and an Enc/Dec payload, which are formed by using the first protection technology. The PES payload is just an example, and thus the exemplary embodiments are not limited thereto. The PES may be of another transport protocol packet type.
The ES header is a header that is formed when original AV data is compressed by a codec and is generated from an upper AV protocol. In order to transmit an ES packet, an AV container such as AV1, MP2, WMA, or the like may be used.
For example, since the ES header includes information that is required to perform rendering, the ES header is not encrypted and remains as plain text.
The ES header is formed by an upper layer and is a portion that cannot be controlled by using the first protection technology. On the other hand, the Enc/Dec header is formed by using the first protection technology.
Referring to FIG. 4A, a dot pattern of a payload indicates an encrypted data segment. A slash pattern indicates a segment that is not encrypted for a final block if misalignment occurs.
Two functions of data structures according to the exemplary embodiments will now be described.
With regard to a first function, a header of the data structure includes relevant information indicating a range of encryption/decryption in order to perform encryption/decryption by using the first protection technology.
With regard to a second function, according to the exemplary embodiments, when encryption/decryption is performed in units of blocks, misalignment with respect to the 128-bit block size is likely to occur. For reference, when encryption is performed in units of blocks, only data with a predetermined length may be input. Encryption is not performed on a last data portion where the misalignment occurs. In this case, the header of the data structure includes position information indicating a position from where encryption/decryption is not performed.
With reference to FIGS. 4A and 4B, an example of a data structure for performing the above-described two functions will now be described.
First, with reference to FIG. 4A, the first function of the data structure will be described.
‘Len’ indicates a payload length of the data structure that is defined according to the exemplary embodiments.
‘A/V’ indicates an identifier indicating whether a payload indicates audio data or video data.
‘ULH IDC’ indicates an identifier indicating whether upper layer headers to which encryption/decryption should not be applied are present in the payload.
‘ULH Len’ indicates a range (length) of a region to which encryption/decryption should not be applied when the upper layer headers to which encryption/decryption should not be applied are present in the payload.
With reference to FIGS. 4A and 4B, the second function of the data structure will be described.
‘St.Ctr’ is a first counter (CTR) number of the payload and is used as an input during encryption/decryption.
A data protection function may be further strengthened by adding a counter value in addition to a key value, as an input of the crypto engine (refer to FIG. 3).
‘# of MA offset’ indicates the number of blocks to which encryption/decryption should not be applied from among all payloads due to misalignment from “St. Ctr”. For example, according to the exemplary embodiments, the misalignment indicates that targets of encryption/decryption do not have 128 bits, but is not limited thereto.
For example, since FIG. 4B shows “# of MA offset==3”, it may be seen that three regions 21, 26, and 30 are white except for the ES header. The three white regions 21, 26, and 30 are regions to which encryption/decryption should not be applied.
With regard to ‘MaCtr/Valid’, the misalignment may be traced by adding the value of ‘MaCtr’ to the value of ‘St.Ctr’.
Misalignment Position = St.Ctr + MaCtr  (1)
For example, referring to FIG. 4B, the regions 21, 26, and 30 that are misaligned may be traced according to equations 18+3, 18+8, and 18+12, respectively.
‘Valid’ indicates the number of bytes to which encryption/decryption is not applied in the calculated MaCtr block.
For example, referring to FIG. 4B, a Valid value of 1 for the region 21 indicates that encryption/decryption is not applied to 1 byte only. With regard to the region 26, encryption/decryption is not applied to 8 bytes. With regard to the region 30, encryption/decryption is not applied to 6 bytes. The white regions in the regions 21, 26, and 30 therefore have different lengths, and encryption/decryption is not applied over those lengths.
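The header fields of FIGS. 4A and 4B can be turned into a map of encrypted and clear byte ranges, as in the following added example, which is not code from the patent. It assumes that each misaligned block occupies only its Valid bytes in the payload and that the next block follows immediately; the ULH Len of 9, the Len of 184, and the SHA-256 keystream standing in for the unspecified crypto engine are likewise assumptions.

```python
import hashlib
from dataclasses import dataclass

BLOCK = 16  # 128-bit block size used by the description


@dataclass(frozen=True)
class EncDecHeader:
    length: int        # 'Len': payload length in bytes (ES header + PES payload)
    is_video: bool     # 'A/V'
    ulh_present: bool  # 'ULH IDC'
    ulh_len: int       # 'ULH Len': leading bytes that must stay in the clear
    st_ctr: int        # 'St.Ctr': counter of the first block after the ULH
    ma: tuple          # 'MaCtr/Valid' pairs; '# of MA offset' is len(ma)


def plan_segments(hdr):
    """Split the payload into (offset, size, counter, encrypted) segments."""
    segments, offset = [], 0
    if hdr.ulh_present and hdr.ulh_len > 0:
        segments.append((0, hdr.ulh_len, None, False))
        offset = hdr.ulh_len
    # Equation (1): Misalignment Position = St.Ctr + MaCtr
    clear = {}
    for ma_ctr, valid in hdr.ma:
        if not 0 < valid < BLOCK:
            raise ValueError("Valid must be between 1 and 15 bytes")
        clear[hdr.st_ctr + ma_ctr] = valid
    ctr = hdr.st_ctr
    while offset < hdr.length:
        if ctr in clear:
            size = clear.pop(ctr)          # short block, left in the clear
            segments.append((offset, size, ctr, False))
        else:
            size = BLOCK                   # full block, encrypted
            segments.append((offset, size, ctr, True))
        offset += size
        ctr += 1
    # Reject headers whose fields disagree with Len instead of guessing.
    if offset != hdr.length or clear:
        raise ValueError("header fields do not add up to Len")
    return segments


def _keystream(key, ctr):
    # Assumption: stand-in for the crypto engine, keyed by shared key + counter.
    return hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()[:BLOCK]


def apply_protection(hdr, key, payload):
    """Encrypt or decrypt (XOR is its own inverse) only the planned regions."""
    if len(payload) != hdr.length:
        raise ValueError("payload length differs from Len")
    out = bytearray(payload)
    for offset, size, ctr, encrypted in plan_segments(hdr):
        if not encrypted:
            continue
        stream = _keystream(key, ctr)
        for i in range(size):
            out[offset + i] ^= stream[i]
    return bytes(out)


# FIG. 4B values: St.Ctr = 18, three MaCtr/Valid pairs. Len, ULH Len and the
# A/V flag are constructed for this example.
FIG4B = EncDecHeader(length=184, is_video=True, ulh_present=True, ulh_len=9,
                     st_ctr=18, ma=((3, 1), (8, 8), (12, 6)))

if __name__ == "__main__":
    for seg in plan_segments(FIG4B):
        print(seg)
```

In a counter-driven cipher like this stand-in, a key and counter pair must not be reused for different payloads, and the clear segments stay readable to anything that can read the shared memory.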
FIGS. 5A and 5B show data structures that are protected on a path from a point of time when commercial DRM is released to a point of time when rendering is performed on data. FIGS. 5A and 5B are based on the data structure of FIG. 4A.
Referring to FIG. 5A, a data structure 510 is encrypted by using the commercial DRM 515.
A data structure 520 is decrypted by a commercial DRM decrypter.
A data structure 530 is formed by an upper layer header (UL_HDR) parser & first encrypter 525, which parses header information of the data structure 520 and performs first encryption on a payload in a predetermined encryption range based on the header information.
For example, with regard to the data structure 530, when the header of the rightmost data structure is referred to, since MA offset==1, it may be seen that a single region is white except for the ES header. The white region is a region to which encryption/decryption should not be applied.
In addition, Misalignment Position=St.Ctr+MaCtr=18+4=22.
Since Valid=8, encryption/decryption is not applied to 8 bytes in the calculated MaCtr block.
A security unit 140 may include a commercial DRM decrypter 515 and the UL_HDR parser & first encrypter 525.
A data structure 540 is a data structure formed by aggregating a header and payload packets of the data structure 530. For example, in order to collect PES packets to form a single ES packet prior to AV decoding, a media player (MP) of the controller 130 b (refer to FIG. 3) may aggregate the PES packets.
When a transmission side finely divides an ES packet in order to transmit the ES packet, the divided packets need to be aggregated prior to decoding of the divided packets. Thus, if the ES packet itself is encrypted and transmitted without being divided by the transmission side, the data structure 540 may be omitted. A data structure 550 is a data structure formed by the UL_HDR parser & first decrypter 545, which parses header information of the data structure 540 and performs first decryption on a payload in a predetermined decryption range based on the header information.
Referring to FIG. 5B, a data structure 560 is formed by a decoder 555 decoding the data structure 550.
A data structure 570 is a data structure formed by a second encrypter 565 performing second encryption on a payload in a predetermined encryption range based on header information of the data structure 560.
The codec unit 340 may include the UL_HDR parser & first decrypter 545 and the decoder 555.
A data structure 580 is a data structure formed by a second decrypter 575 performing second decryption on the data structure 570.
The decrypted data structure 580 is rendered and displayed on a display unit 360.
The rendering unit 350 may include the second decrypter 575 and a renderer 575.
FIG. 6 is a flowchart of a method of operating a computing system 100, according to another exemplary embodiment. The operation of FIG. 6 is the same as the operation of the computing system 100 described with reference to FIG. 1 and thus, will be simply described.
In operation 610, when components of the computing system 100 share the memory 120 in order to exchange data therebetween, the controller 130 controls the components to encrypt data. For example, when data is transmitted from the first component 140 to the second component 150 through the memory 120, the controller 130 controls the first component 140 to encrypt decrypted data.
In operation 620, the controller 130 controls the components to record the encrypted data in the memory 120. For example, the controller 130 controls the first component 140 to record the encrypted data in the memory 120.
With reference to FIGS. 2 through 4A, a method of protecting data on the shared memory 120 of the computing system 100 in a single scenario according to an exemplary embodiment will now be described. An example of the computing system 100 may include a display device. Hereinafter, it is assumed that a data structure according to the scenario indicates the data structure described with reference to FIG. 4A.
The computing system 100 stores, in the memory 120, encrypted data that is safely received by using content protection technology (hereinafter, referred to as external protection technology) determined between the computing system 100 and a source device (not shown).
Then, the controller 130 generates the data structure before the external protection technology is released and fills a payload of the data structure with the data in which the external protection technology is released.
Then, the controller 130 controls the security unit 140 a to release the external protection technology and to perform packetization on the data structure. The security unit 140 a performs encryption/decryption based on header information of the data structure.
Then, a media player (MD) operating in the controller 130 controls a demultiplexer (DEMUX) to decode the payload of the data structure recovered from the security unit 140 a.
Since the computing system 100 is designed so that the portion of the encrypted payload in the data structure that needs to be referred to is not encrypted, the DEMUX has no problem when performing operations. However, since the remaining payload itself is encrypted, the remaining payload is safe from external attacks.
The media player (MD) calls the codec unit 340.
The codec unit 340 decrypts the encrypted data structure and decodes the decrypted data structure.
After the data is decoded, just before the data is written in the memory 120, the codec unit 340 applies the first protection technology to encrypt the decoded data structure and records the encrypted data structure in the memory 120.
The media player (MD) calls the rendering unit 350.
The rendering unit 350 decrypts the encrypted data structure and renders the decrypted data structure.
The exemplary embodiments can also be implemented as computer readable codes on a computer readable recording medium. The computer readable recording medium is any data storage device that can store programs or data which can be thereafter read by a computer system.
The computer readable codes are configured to perform methods of recording and reproducing an image according to the exemplary embodiments when being read and executed by a processor. The computer readable codes may be embodied by various programming languages. Functional programs, codes, and code segments for accomplishing the exemplary embodiments can be easily construed by programmers of ordinary skill in the art to which the exemplary embodiments pertain.
Examples of the computer readable recording medium include read-only memory (ROM), random-access memory (RAM), CD-ROMs, magnetic tapes, floppy disks, optical data storage devices, solid state drives (SSD), flash memories, and so on. The computer readable recording medium can also be distributed over network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion.
While exemplary embodiments have been particularly shown and described, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the inventive concept as defined by the following claims.

Claims (18)

What is claimed is:
1. A computing system comprising:
a plurality of processors comprising a first processor and a second processor, the plurality of processors implemented as hardware and configured to encrypt a predetermined region of a payload and decrypt the encrypted predetermined region of the payload based on first information and second information, using a first protection technology;
a memory that is shared by the first processor and the second processor to exchange data between the first processor and the second processor; and
a first control circuitry configured to generate the first information indicating the predetermined region, of the payload, that is to be encrypted or decrypted using the first protection technology, to generate the second information indicating a position of a region, of the payload, in which encryption or decryption is not to be performed, to identify the predetermined region of the payload, to which the encryption or the decryption is to be applied using the first protection technology, based on the first information, to identify the region of the payload, to which the encryption or the decryption is not to be applied, based on the second information, to control the first processor to re-encrypt decrypted data using the first protection technology, to record the re-encrypted data in the memory and to transmit the re-encrypted data from the first processor to the second processor through the memory,
wherein the plurality of processors comprise:
a security circuitry which decrypts data that is encrypted by an external device using a second protection technology; and
a display control circuitry which controls display of data,
wherein the first control circuitry controls the memory to record the data that is encrypted using the second protection technology, controls the security circuitry to read and decrypt the data that is encrypted using the second protection technology and encrypt and record the decrypted data using the first protection technology, and controls the display control circuitry to read and decrypt the data that is encrypted using the first protection technology.
2. The computing system of claim 1, wherein each of the plurality of processors is configured to read and decrypt encrypted data and to use the decrypted data.
3. The computing system of claim 2, wherein the plurality of processors share the first protection technology for encrypting and decrypting data that is exchanged between the plurality of processors.
4. The computing system of claim 3, wherein the first control circuitry generates a data structure comprising a header and the payload, which are defined according to the first protection technology.
5. The computing system of claim 4, wherein the header comprises the first information indicating the predetermined region, of the payload, that is to be encrypted or decrypted using the first protection technology.
6. The computing system of claim 4, wherein the second protection technology comprises digital rights management (DRM).
7. The computing system of claim 1, wherein the display control circuitry is further configured to controller comprises:
encode and decode data; and
render the data,
wherein the first control circuitry controls to read and decrypt data that is encrypted using the first protection technology, and to re-encrypt and record the decrypted data using the first protection technology, and controls the to re-decrypt the re-encrypted data using the first protection technology, to render the re-decrypted data, and to output the rendered data on a display.
8. The computing system of claim 1, wherein the computing system comprises at least one of a digital television (DTV), a smart phone, a blue ray disc (BD), and a digital set top box (STB).
9. A method of operating a computing system, the method comprising:
generating first information indicating a predetermined region, of a payload, that is to be encrypted or decrypted using a first protection technology, and generating second information indicating a position of a region, of the payload, in which encryption or decryption is not to be performed;
identifying the predetermined region of the payload, to which the encryption or the decryption is to be applied using the first protection technology, based on the first information;
identifying the region of the payload, to which the encryption or the decryption is not to be applied, based on the second information;
re-encrypting decrypted data to exchange data between a plurality of components of the computing system, the plurality of components sharing a memory of the computing system;
recording the re-encrypted data in the memory using the first protection technology;
transmitting the re-encrypted data from a first component to a second component among the plurality of components through the memory; and
reading and decrypting the data that is encrypted using the first protection technology,
wherein the recording the encrypted data comprises recording data that is encrypted by an external device using a second protection technology,
wherein the reading and decrypting the encrypted data comprises reading and decrypting the data that is encrypted using the second protection technology,
wherein the re-encrypting the decrypted data comprises encrypting the decrypted data using the first protection technology, and
wherein the recording the re-encrypted data comprises recording the data that is re-encrypted using the first protection technology in the memory.
10. The method of claim 9, further comprising:
reading and decrypting encrypted data; and
using the decrypted data.
11. The method of claim 10, wherein the plurality of components share the first protection technology for encrypting and decrypting data that is exchanged between the plurality of components.
12. The method of claim 11, further comprising:
generating a data structure comprising a header and the payload, wherein the data structure is defined according to the first protection technology.
13. The method of claim 12, wherein the header comprises the first information indicating the predetermined region, of the payload, that is to be encrypted or decrypted using the first protection technology.
14. The method of claim 12, wherein the second protection technology comprises digital rights management (DRM).
15. A method of operating a computing system, the method comprising:
generating, at a processor of the computing system, first information indicating a predetermined region, of a payload, that is to be encrypted or decrypted using a first protection technology, and generating second information indicating a position of a region, of the payload, in which encryption or decryption is not to be performed;
identifying the predetermined region of the payload, to which the encryption or the decryption is to be applied using the first protection technology, based on the first information; identifying the region of the payload, to which the encryption or the decryption is not to be applied, based on the second information;
receiving, at the processor of the computing system, second encrypted data which is encrypted according to a second protection technology;
decrypting, at the processor of the computing system, the received second encrypted data to generate second unencrypted data;
re-encrypting, at the processor of the computing system, the second unencrypted data according to the first protection technology to generate first re-encrypted data;
recording, at the processor of the computing system, the first re-encrypted data in a memory;
transmitting the first re-encrypted data from a first component to a second component among a plurality of components of the processor, through the memory;
receiving, at the processor of the computing system, the first re-encrypted data and decrypting the first re-encrypted data according to the first protection technology to generate first un-encrypted data; and
rendering, at the processor of the computing system, the first un-encrypted data,
wherein the receiving the first re-encrypted data and decrypting the first re-encrypted data according to the first protection technology to generate the first un-encrypted data comprises receiving the first re-encrypted data at a graphics processing unit or an audio processing unit; and decrypting the first re-encrypted data at the graphics processing unit or the audio processing unit.
16. The method of claim 15, wherein the re-encrypting the second unencrypted data according to the first protection technology to generate the first re-encrypted data further comprises:
generating a data structure comprising a header and the payload, wherein the data structure is adapted according to the first protection technology.
17. The method of claim 16, wherein the header comprises the first information indicating the predetermined region, of the payload, that is to be encrypted or decrypted using the first protection technology.
18. The method of claim 15, wherein the second protection technology comprises digital rights management.
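
A sketch of the data structure in claims 16 and 17, added here as an illustration and not taken from the patent: a header carries the first information (the region to encrypt) and the second information (the region left in the clear), and the consuming component validates both against the payload length before decrypting. The header layout, the names `protect` and `unprotect`, and the HMAC-SHA256 keystream standing in for the unspecified first protection technology are assumptions.

```python
import hashlib
import hmac
import os
import struct

# Assumed header layout: magic, encrypted-region offset/length ("first
# information"), clear-region offset/length ("second information"), nonce.
HDR = struct.Struct(">4sIIII16s")
MAGIC = b"PRT1"  # constructed value

def _check_regions(n, enc_off, enc_len, clr_off, clr_len):
    # The consumer must not trust header offsets: bound them to the payload.
    if enc_off + enc_len > n or clr_off + clr_len > n:
        raise ValueError("region exceeds payload")
    if enc_off < clr_off + clr_len and clr_off < enc_off + enc_len:
        raise ValueError("encrypted and clear regions overlap")

def _xor_region(key, nonce, payload, off, length):
    # HMAC-SHA256 in counter mode: stdlib stand-in for the unspecified cipher.
    stream = b""
    counter = 0
    while len(stream) < length:
        stream += hmac.new(key, nonce + struct.pack(">I", counter),
                           hashlib.sha256).digest()
        counter += 1
    region = bytes(a ^ b for a, b in zip(payload[off:off + length], stream))
    return payload[:off] + region + payload[off + length:]

def protect(key, payload, enc_off, enc_len, clr_off, clr_len):
    """Producer side: encrypt only the marked region and prepend the header."""
    _check_regions(len(payload), enc_off, enc_len, clr_off, clr_len)
    nonce = os.urandom(16)
    body = _xor_region(key, nonce, payload, enc_off, enc_len)
    return HDR.pack(MAGIC, enc_off, enc_len, clr_off, clr_len, nonce) + body

def unprotect(key, blob):
    """Consumer side: parse and validate the header, then decrypt the region."""
    if len(blob) < HDR.size:
        raise ValueError("truncated header")
    magic, enc_off, enc_len, clr_off, clr_len, nonce = HDR.unpack_from(blob)
    if magic != MAGIC:
        raise ValueError("unknown data structure")
    payload = blob[HDR.size:]
    _check_regions(len(payload), enc_off, enc_len, clr_off, clr_len)
    return _xor_region(key, nonce, payload, enc_off, enc_len)
```

The header in this sketch is bounds-checked but not integrity-protected; a design that passes it through shared memory would also authenticate the header together with the payload.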
US13/599,617 2011-08-30 2012-08-30 Computing system and method of operating computing system Expired - Fee Related US9940265B2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2011-0087196 2011-08-30
KR1020110087196A KR101857791B1 (en) 2011-08-30 2011-08-30 Image recording/playing device and method, and recording medium

Publications (2)

Publication Number Publication Date
US20130054978A1 (en) 2013-02-28
US9940265B2 (en) 2018-04-10

Family

ID=47745412

Family Applications (1)

Application Number Title Priority Date Filing Date
US13/599,617 Expired - Fee Related US9940265B2 (en) 2011-08-30 2012-08-30 Computing system and method of operating computing system

Country Status (3)

Country Link
US (1) US9940265B2 (en)
KR (1) KR101857791B1 (en)
CN (1) CN103164657A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10241706B2 (en) * 2016-05-20 2019-03-26 Renesas Electronics Corporation Semiconductor device and its memory access control method

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10621088B2 (en) 2014-12-08 2020-04-14 Intel Corporation Apparatus and method to improve memory access performance between shared local memory and system global memory
CN104661051A (en) * 2015-03-09 2015-05-27 深圳市九洲电器有限公司 Streaming media pushing method and system
CN105681882B (en) * 2016-01-04 2019-04-19 华为技术有限公司 Control method and device thereof, the control circuit of video output

Also Published As

Publication number Publication date
KR101857791B1 (en) 2018-05-16
KR20130024024A (en) 2013-03-08
US20130054978A1 (en) 2013-02-28
CN103164657A (en) 2013-06-19

Similar Documents

Publication Publication Date Title
US10754930B2 (en) Remotely managed trusted execution environment for digital rights management in a distributed network with thin clients
US7653943B2 (en) Secure media path methods, systems, and architectures
EP3191994B1 (en) Media decoding control with hardware-protected digital rights management
EP2289014B1 (en) Content encryption using at least one content pre-key
US9445112B2 (en) Secure transcoding of video data
US9152577B2 (en) Security central processing unit management of a transcoder pipeline
US8064600B2 (en) Encoded digital video content protection between transport demultiplexer and decoder
US9940265B2 (en) Computing system and method of operating computing system
EP3605371B1 (en) Remotely managed trusted execution environment for digital-rights management in a distributed network with thin clients
US8850183B1 (en) Interconnect device to enable compliance with rights management restrictions
JP2000100069A (en) Copy protecting method, data processor applying the method and recording medium
EP2699017B1 (en) Security processing unit with secure connection to head end
WO2021184181A1 (en) Secure output method and electronic device
JP2008015919A (en) Content reproduction device

Legal Events

Date Code Title Description
AS Assignment

Owner name: SAMSUNG ELECTRONICS CO., LTD., KOREA, REPUBLIC OF

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:YUN, SUK-JIN;SHIN, JUN-BUM;JUNG, MOON-GYU;AND OTHERS;REEL/FRAME:028877/0645

Effective date: 20120824

STCF Information on status: patent grant

Free format text: PATENTED CASE

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20220410